How to use app passwords with CodeTwo software
Problem:
You have a Microsoft 365 (Office 365) account with multi-factor authentication (MFA) enabled. When configuring a connection to Microsoft 365 in CodeTwo software, you receive the following error:
The request failed. The remote server returned an error (401) Unauthorized.
Solution:
Most CodeTwo products support MFA-enabled accounts. When configuring a connection to Microsoft 365, you are asked to sign in to your tenant via Microsoft's sign-in page.
However, in some cases (e.g. when configuring a connection to SharePoint Online in CodeTwo Backup), you are still required to provide you account's credentials directly in the program. If this account is MFA-enabled, providing your regular password instead of an app password will result in an error shown above.
App passwords are created for each MFA-enabled account to allow signing in to non-browser applications. App passwords don’t expire and can be used multiple times and in different programs at the same time.
Follow the links below to learn:
- How to create app passwords and use them with CodeTwo software
- Troubleshoot problems with creating app passwords in Office 365 / Microsoft 365
How to create app passwords and use them with CodeTwo software
To generate a new app password in Microsoft 365, you need to:
- Sign in to Microsoft 365 and go to the Security info page (Microsoft 365 home page > View account > Security info).
- Click Add method, select App password and click Add (Fig. 1.). If the App password option is not available, check the Troubleshooting section first.
Fig. 1. Creating a new app password in Microsoft 365.
- Enter the name for the app password (minimum 8 characters) and click Next.
- In the next step, your app password will be shown (Fig. 2.). Remember to save the app password or use the Copy App Password to Clipboard button before you close the window. You won’t be able to display this app password again, so if you forget it, you will need to create a new one.
Fig. 2. The newly generated app password.
- Click Done to close this window.
You can now use this app password in CodeTwo software to connect to Microsoft 365. Use the app password instead of your regular account password (Fig. 3.).
Fig. 3. An example of using an app password in CodeTwo Backup when configuring a connection to SharePoint Online.
Troubleshooting:
Microsoft security policies prevent creating app passwords in Microsoft 365 (Office 365)
After enabling multi-factor authentication (MFA) for the entire organization (or for admins only) by using the Microsoft Entra ID Protection or Microsoft 365 security center, some users may not be able to select app passwords as their sign-in method. To fix this, make sure that:
- users in your organization are allowed to create app passwords,
- the MFA is enabled in the MFA portal for the affected users.
Allowing users to create app passwords
- Open the Microsoft 365 admin center.
- Go to Users > Active users.
- Without selecting any user, click Multi-factor authentication (Fig. 4.). If you don’t have access to the multi-factor authentication settings, contact your administrator.
Fig. 4. Accessing the MFA settings in the Microsoft 365 admin center.
- (Optional) If the Configure multifactor authentication (MFA) page is displayed, click Legacy per-user MFA, as shown in Fig. 5.
Fig. 5. Accessing the per-user MFA settings.
- Go to the service settings tab and select the Allow users to create app passwords to sign in to non-browser apps option and click save (Fig. 6.).
Fig. 6. Enabling users to create app passwords.
If this option has already been selected, try using this solution.
Enabling and enforcing multi-factor authentication in the MFA portal
In the MFA portal, you can check the MFA status for each user. If the status shows Disabled, you need to enable it. If it already shows Enabled but you still cannot use app passwords, you will need to also enforce MFA for the same user.
To enable MFA, find the account that you use in your CodeTwo software, select it and click Enable (Fig. 7.). Confirm your choice by clicking enable multi-factor auth.
Fig. 7. Enabling multi-factor authentication for an admin account used in CodeTwo software.
Next, select the same account again and this time click Enforce (Fig. 8.). In the popup that opens, click enforce multi-factor auth and close.
Fig. 8. Enforcing multi-factor authentication for an admin account used in CodeTwo software.
Note that it can take up to several days for the changes to propagate. It might be also necessary for the account to sign out and sign in again to Microsoft 365 before the App password option becomes available on the Security info page. To make it quicker, you can go to the Active users page in the Microsoft 365 admin center and force sign-out the user (Fig. 9.).
Fig. 9. Signing out the user from all sessions to facilitate the changes.
Once you have access to app passwords, follow these steps to learn how to generate them and use with CodeTwo software.
Related products: | CodeTwo Backup for Exchange, CodeTwo Backup for Office 365, CodeTwo Out of Office Manager |
Categories: | FAQ, How-To |
Last modified: | August 5, 2024 |
Created: | December 8, 2017 |
ID: | 667 |